EAP anonymous and inner User-name

Thibault Le Meur Thibault.LeMeur at supelec.fr
Fri Nov 17 23:39:43 CET 2006

> "Thibault Le Meur" <Thibault.LeMeur at supelec.fr> wrote:
>> Strange... I've set copy_request_to_tunnel and I haven't seen my inner
>> User-Name be overwritten !
>   Doing that would be wrong.  FreeRADIUS doesn't do that.

I know,  It would have broken my setup ;-)

>> > And, lastly, did you set copy_request_to_tunnel in eap.conf?
>> > Don't, because
>> > then your real inner user name gets overwritten by the outer one.
>   No, absolutely not.  That DOES NOT HAPPEN.
>> Another question: if you don't set copy_request_to_tunnel, could you still
>> have a rule in the users file matching the user's ldap group (for the users
>> in the inner request) and the Called-Station-Id (from outer request) ?
>   You could match LDAP group, because the username is in the inner
> request.  You can't match Called-Station-Id, because it's in the outer
> request.

Ok, so I had correctly interpreted this copy_request_to_tunnel option.
Thus I thin the previous debug output showing th decoded inner request  
was better to troubleshoot tunneled authentication schemes.

Thanks again for this clarification,

More information about the Freeradius-Users mailing list